AMENDMENTS TO THE CLAIMS
Please amend the claims as follows. 

1. (Currently Amended) A method of providing a circle of trust comprising:

receiving a first certificate of a first [[affiliated entity]] server by a second [[affiliated entity]] server;

storing said first certificate of said first [[affiliated entity]] server in a first trusted partner list accessible by said second [[affiliated entity]] server;

receiving a second certificate of said second [[affiliated entity]] server by said first [[affiliated entity]] server; and

storing said second certificate of said second [[affiliated entity]] server in a second trusted partner list accessible by said [[second]] first [[affiliated entity]] server[[.]],

wherein access by a client to a resource associated with said first server is controlled as a function of said first trusted partner list or said second trusted partner list.

2. (Currently Amended) The method according to Claim 1, further comprising:

initiating use of [[a]] said resource [[on a relying party device]] by [[a]] said client [[device]], wherein an authentication assertion reference is provided by [[a]] said client [[device]];

determining an identity of [[an]] said second server [[issuing party]] as a function of said authentication assertion reference;

sending an authentication request containing [[a]] said first certificate of said first server [[relying party]] to said second server [[issuing party]];

determining if said first certificate is contained in [[a]] said first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has been authenticated, from said second server [[issuing party]] to said [[relying party]] first server when said first certificate is contained in [[a]] said first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has not been authenticated, from said second server [[issuing party]] to said first server [[relying party]] when said first certificate is not contained in said first trusted partner list of said second server [[issuing party]]; and

providing said [[requested]] resource to said client [[device]] by said first server [[relying party]] when said authentication assertion indicates that said client has been authenticated.

3. (Currently Amended) The method according to Claim 2, further comprising:

logging-on to said second server [[issuing party utilizing]] by said client [[device]]; and

authenticating said client [[device]] by said second server [[issuing party]].

4. (Currently Amended) The method according to Claim 1, further comprising:

receiving a first network address of said first [[affiliated entity]] server by said second [[affiliated entity]] server;

storing said first network address of said first [[affiliated entity]] server in said first trusted partner list accessible by said second [[affiliated entity]] server;

receiving a second network address of said second [[affiliated entity]] server by said first [[affiliated entity]] server; and

storing said second network address of said second [[affiliated entity]] server in said second trusted partner list accessible by said first [[second affiliated entity]] server.

5. (Currently Amended) The method according to Claim 4, further comprising:

initiating use of [[a]] said resource on a relying party [[device]] associated with said first server by [[a]] said client [[device]], wherein an authentication assertion reference is provided by [[a]] said client [[device]];

determining an identity of said second server [[an issuing party]] as a function of said authentication assertion reference;

sending an authentication request from said first server [[a relying party]] to said second server [[an issuing party]];

determining [[a]] said first network address of said [[relying party]] first server from said authentication request;

determining if said first network address is contained in [[a]] said first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has been authenticated, from said second server [[issuing party]] to said [[relying party]] first server when said first network address is contained in [[a]] said first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has not been authenticated, from said second server [[issuing party]] to said [[relying party]] first server when said first network address is not contained in said first trusted partner list of said second server [[issuing party]]; and

providing said [[requested]] resource to said client [[device]] by said first server [[relying party]] when said authentication assertion indicates that said client has been authenticated.

6. (Original) The method according to Claim 4, wherein said first network address and said second network address comprise a first and a second internet protocol (IP) address, respectively.

7. (Currently Amended) The method according to Claim 1, further comprising:

receiving a first network address of a third [[affiliated entity]] server by said first [[affiliated entity]] server;

storing said first network address of said third [[affiliated entity]] server in said second trusted partner list accessible [[accessable]] by said first [[affiliated entity]] server;

receiving a second network address of said first [[affiliated entity]] server by said third [[affiliated entity]] server; and

storing said second network address of said first [[affiliated entity]] server in a third trusted partner list accessible [[accessable]] by said third [[affiliated entity]] server.

8. (Currently Amended) A method of providing a circle of trust comprising:

initiating use of a resource [[on]] associated with a relying [[party device]] server by a client [[device]], wherein an authentication assertion reference is provided by [[a]] said client [[device]] to said relying server, and wherein said authentication assertion reference is provided to said client by an issuing server;

determining an identity of [[an]] said issuing [[party]] server as a function of said authentication assertion reference;

sending [[an]] a first authentication request [[containing]] comprising a certificate of said relying [[party]] server to said issuing [[party]] server;

determining if said certificate is contained in a trusted partner list of said issuing [[party]] server;

sending an authentication assertion, indicating that said client has been authenticated, from said issuing [[party]] server to said relying [[party]] server when said certificate is contained in [[a]] said trusted partner list of said issuing [[party]] server;

sending an authentication assertion, indicating that said client has not been authenticated, from said issuing [[party]] server to said relying [[party]] server when said certificate is not contained in said trusted partner list of said issuing [[party]] server; and

providing said [[requested]] resource to said client [[device]] by said relying [[party]] server when said authentication assertion indicates that said client has been authenticated.

9. (Currently Amended) The method according to Claim 8, further comprising:

sending [[an]] a second authentication request from said relying [[party]] server to said issuing [[party]] server;

determining a network address of said relying [[party]] server from said second authentication request;

determining if said network address is contained in [[a]] said trusted partner list of said issuing [[party]] server;

sending an authentication assertion, indicating that said client has been authenticated, from said issuing [[party]] server to said relying [[party]] server when said network address is contained in [[a]] said trusted partner list of said issuing [[party]] server;

sending an authentication assertion, indicating that said client has not been authenticated, from said issuing [[party]] server to said relying [[party]] server when said network address is not contained in said trusted partner list of said issuing [[party]] server; and

providing said requested resource to said client [[device]] by said relying [[party]] server when said authentication assertion indicates that said client has been authenticated.

10. (Currently Amended) The method according to Claim 9, wherein said [[first]] network address [[and said second network address comprise a first and second]] comprises an internet protocol (IP) address [[respectively]].

11. (Currently Amended) The method according to Claim 8, further comprising:

logging-on to an issuing [[party]] server [[utilizing]] by said client [[device]]; and

authenticating said client [[device]] by said issuing [[party]] server.

12. (Currently Amended) A system for providing a circle of trust comprising:

a first affiliated entity server comprising[[;]]:

a first administration module; and

a first trusted partner list communicatively coupled to said first administration module; and

[[a]] said second [[affiliated entity]] server comprising[[;]]:

a second administration module; and

a second trusted partner list communicatively coupled to said second administration module[[.]],

wherein access by a client to a resource associated with said first server is controlled as a function of said second trusted partner list.

Application No.: 10/627,019
Docket No.: 03226/503001; P8951

13. (Currently Amended) The system for providing a circle of trust according to claim 12, wherein said first administration module receives [[said]] a credential of said second [[affiliated entity]] server.

14. (Currently Amended) The system for providing a circle of trust according to claim 13, wherein said first administration module stores said credential of said second [[affiliated entity]] server in [[a]] said first trusted partner list.

15. (Original) The system for providing a circle of trust according to Claim 14, wherein 
said credential comprises a certificate. 

16. (Original) The system for providing a circle of trust according to Claim 14, wherein 
said credential comprises a network address. 

17. (Currently Amended) The system for providing a circle of trust according to Claim 12, [[further comprising:]]

[[a]] said client [[device]];

[[an]] said first [[affiliated entity]] server communicatively coupled to said client and [[a]] said second [[affiliated entity]] server, [[comprising:]] wherein said first server further comprises:

a first session module; and

a first authentication module; and

said second [[affiliated entity]] server communicatively coupled to said client [[device]] and said first [[affiliated entity]] server, [[comprising:]] wherein said second server further comprises:

a second session module; and

[[a second trusted partner list]] a second authentication module.

18. (Currently Amended) The system for providing a circle of trust according to Claim 17, wherein said second session module determines an identity of said first server [[an issuing party]] as a function of an authentication assertion reference received from said client [[device]].

19. (Currently Amended) The system for providing a circle of trust according to Claim 17, wherein said first session module determines a trusted status of said second [[affiliated entity]] server as a function of a certificate received from said second session module.

20. (Currently Amended) The system for providing a circle of trust according to Claim 17, wherein said first session module determines a trusted status of said second [[affiliated entity]] server as a function of a network address of said second session module.

21. (Canceled) 

22. (Currently Amended) The system for providing a circle of trust according to Claim [[21]] 17, wherein said first session module provides for secure transfer of information for authenticating [[a user on]] said client [[device]].

23. (Original) The system for providing a circle of trust according to Claim 22, wherein 
said first session module generates and processes SAML requests and assertions 
contained in SOAP envelopes. 

24. (Canceled) 

25. (Canceled) 

26. (Canceled) 
27. (Currently Amended) The system for providing a circle of trust according to Claim 20, wherein said first session module determines said network address of said second session module from an HTTP header.

28. (Currently Amended) A computer readable-medium containing a plurality of instructions which when executed [[cause a network device to]] implement a method of providing a circle of trust comprising:

receiving a first network address of a first [[affiliated entity]] server by a second [[affiliated entity]] server;

storing said first network address of said first [[affiliated entity]] server in a first trusted partner list [[accessable]] accessible by said second [[affiliated entity]] server;

receiving a second network address of said second [[affiliated entity]] server by said first [[affiliated entity]] server; and

storing said second network address of said second [[affiliated entity]] server in a second trusted partner list accessible [[accessable]] by said first [[second affiliated entity]] server,

wherein access by a client to a resource associated with said first server is controlled as a function of said first trusted partner list.

29. (Currently Amended) The computer readable-medium according to Claim 28, further comprising:

initiating use of [[a]] said resource on a relying party device associated with said first server by [[a]] said client [[device]], wherein an authentication assertion reference is provided by [[a]] said client [[device]];

determining an identity of [[an issuing party]] said second server as a function of said authentication assertion reference;

sending an authentication request from said first server [[a relying party]] to said second server [[an issuing party]];

determining [[a]] said first network address of said [[relying party]] first server from said authentication request;

determining if said first network address is contained in [[a]] said first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has been authenticated, from said second server [[issuing party]] to said [[relying party]] first server when said first network address is contained in [[a]] said first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has not been authenticated, from said second server [[issuing party]] to said [[relying party]] first server when said first network address is not contained in said first trusted partner list of said second server [[issuing party]]; and

providing said [[requested]] resource to said client [[device]] by said first server [[relying party]] when said authentication assertion indicates that said client has been authenticated.

30. (Currently Amended) The computer readable-medium according to Claim 28, further comprising:

receiving a first certificate of [[a]] said first [[affiliated entity]] server by [[a]] said second [[affiliated entity]] server;

storing said first certificate of said first [[affiliated entity]] server in said first trusted partner list [[accessable]] accessible by said second [[affiliated entity]] server;

receiving a second certificate of said second [[affiliated entity]] server by said first [[affiliated entity]] server; and

storing said second certificate of said second [[affiliated entity]] server in said second trusted partner list [[accessable]] accessible by said first [[second affiliated entity]] server.

31. (Currently Amended) The computer readable-medium according to Claim 30, further comprising:

sending an authentication request containing [[a]] said first certificate of said first server [[relying party]] to said second server [[issuing party]];

determining if said first certificate is contained in a first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has been authenticated, from said second server [[issuing party]] to said first server [[relying party]] when said first certificate is contained in said first trusted partner list of said second server [[issuing party]];

sending an authentication assertion, indicating that said client has not been authenticated, from said second server [[issuing party]] to said first server [[relying party]] when said first certificate is not contained in said first trusted partner list of said second server [[issuing party]]; and

providing said [[requested]] resource to said client [[device]] by said first server [[relying party]] when said authentication assertion indicates that said client has been authenticated.

32. (Currently Amended) The computer readable-medium according to Claim 31, further comprising:

logging-on to said second server by [[issuing party utilizing]] said client [[device]]; and

authenticating said client [[device]] by said second server [[issuing party]].

33. (New) A method of providing a circle of trust comprising:

initiating use of a resource associated with a relying server by a client, wherein an authentication assertion reference is provided by said client;

determining an identity of an issuing server as a function of said authentication assertion reference;

sending an authentication request from said relying server to said issuing party;

determining a network address of said relying server from said authentication request;

determining if said network address is contained in a trusted partner list of said issuing server;

sending an authentication assertion, indicating that said client has been authenticated, from said issuing server to said relying server when said network address is contained in said trusted partner list of said issuing server;

sending an authentication assertion, indicating that said client has not been authenticated, from said issuing server to said relying server when said network address is not contained in said trusted partner list of said issuing server; and

providing said resource to said client by said relying server when said authentication assertion indicates that said client has been authenticated.

34. (New) The method according to Claim 33, further comprising: 

logging-on to an issuing server by said client; and 
authenticating said client by said issuing server. 

35. (New) The computer readable-medium according to Claim 28, further comprising:

receiving said first network address of said first server by a third server;

storing said first network address of said first server in a third trusted partner list accessible by said third server;

receiving a third network address of said third server by said first server; and

storing said third network address of said third server in said second trusted partner list accessible by said first server.

36. (New) The method according to Claim 1, further comprising:

receiving said first certificate of said first server by a third server;

storing said first certificate of said first server in a third trusted partner list accessible by said third server;

receiving a third certificate of said third server by said first server; and

storing said third certificate of said third server in said second trusted partner list accessible by said first server,

wherein access by said client to said resource associated with said first server is controlled as a function of said third trusted partner list.
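Taken together, claims 1 through 36 describe one exchange: two servers first register each other's certificate and network address in their trusted partner lists; a client logs on at the issuing server and receives an authentication assertion reference; the relying server identifies the issuer from that reference, sends an authentication request carrying its own certificate, and the issuer answers with a positive assertion only when the requesting server is on its trusted partner list, after which the resource is served or refused. The Python below is an added worked example written for this page; it is not code from the application or from any product it covers. The certificate PEM strings, the 10.0.0.x addresses, the "issuer:token" encoding of the assertion reference and the function names are constructed assumptions (the claims only say the issuer's identity is a function of the reference). It checks both the certificate (claims 2, 8, 31) and the network address (claims 5, 9, 29, 33), and it takes that address as the peer address of the issuer's connection rather than from an HTTP header as claim 27 does, because a header such as X-Forwarded-For can be written by whoever sends the request unless a trusted proxy sets it. It also refuses a reference the issuer never issued, which claims 3, 11 and 34 imply but do not spell out.

```python
"""Circle-of-trust exchange modelled on the claims above (added example, not the application's code)."""
import hashlib
import secrets
from dataclasses import dataclass, field


def fingerprint(cert_pem: bytes) -> str:
    """Compare certificates by SHA-256 digest rather than by raw PEM text."""
    return hashlib.sha256(cert_pem).hexdigest()


@dataclass
class TrustedPartnerList:
    """What one server stores about each affiliated partner (claims 1, 4, 15, 16)."""
    certificates: set = field(default_factory=set)  # certificate fingerprints
    addresses: set = field(default_factory=set)     # partner IP addresses

    def add(self, cert_pem: bytes, address: str) -> None:
        self.certificates.add(fingerprint(cert_pem))
        self.addresses.add(address)

    def trusts_certificate(self, cert_pem: bytes) -> bool:
        return fingerprint(cert_pem) in self.certificates

    def trusts_address(self, address: str) -> bool:
        return address in self.addresses


@dataclass
class Server:
    name: str
    address: str
    cert_pem: bytes  # constructed stand-in for a real X.509 certificate
    partners: TrustedPartnerList = field(default_factory=TrustedPartnerList)
    sessions: dict = field(default_factory=dict)  # issuing role: reference -> client


def affiliate(a: Server, b: Server) -> None:
    """Mutual exchange: each server stores the other's certificate and address."""
    a.partners.add(b.cert_pem, b.address)
    b.partners.add(a.cert_pem, a.address)


def log_on(issuer: Server, client: str, credential_ok: bool):
    """Issuing server authenticates the client and hands back an assertion reference.
    The 'issuer:token' encoding is an assumption so a relying server can find the issuer."""
    if not credential_ok:
        return None
    reference = f"{issuer.name}:{secrets.token_urlsafe(16)}"
    issuer.sessions[reference] = client
    return reference


def handle_authentication_request(issuer: Server, request: dict, peer_address: str) -> dict:
    """Issuing side (claims 8, 9): accept only a relying server whose certificate AND
    connection address are on the trusted partner list, and only a reference it issued."""
    cert_ok = issuer.partners.trusts_certificate(request["certificate"])
    addr_ok = issuer.partners.trusts_address(peer_address)
    client = issuer.sessions.get(request["assertion_reference"])
    authenticated = cert_ok and addr_ok and client is not None
    return {"issuer": issuer.name, "authenticated": authenticated,
            "client": client if authenticated else None}


def request_resource(relying: Server, issuers: dict, client_request: dict):
    """Relying side: resolve the issuer from the reference, ask it, then serve or refuse."""
    reference = client_request["assertion_reference"]
    issuer = issuers.get(reference.split(":", 1)[0])
    if issuer is None:
        return None
    # peer_address stands in for the source address of the relying server's connection as
    # the issuer sees it; in deployment take it from the socket/TLS layer, not an HTTP header.
    assertion = handle_authentication_request(
        issuer, {"certificate": relying.cert_pem, "assertion_reference": reference},
        peer_address=relying.address)
    if not assertion["authenticated"]:
        return None
    return f"{client_request['resource']} for {assertion['client']}"


def demo() -> dict:
    """Constructed scenario: A relies, B issues, C is outside the circle until it affiliates."""
    a = Server("A", "10.0.0.1", b"-----BEGIN CERTIFICATE-----\nA\n-----END CERTIFICATE-----\n")
    b = Server("B", "10.0.0.2", b"-----BEGIN CERTIFICATE-----\nB\n-----END CERTIFICATE-----\n")
    c = Server("C", "10.0.0.3", b"-----BEGIN CERTIFICATE-----\nC\n-----END CERTIFICATE-----\n")
    issuers = {"B": b}
    affiliate(a, b)
    ref = log_on(b, "alice", credential_ok=True)

    def ask(relying: Server, reference: str = ref):
        return request_resource(relying, issuers, {"assertion_reference": reference, "resource": "report"})

    results = {"trusted_partner": ask(a), "untrusted_server": ask(c),
               "forged_reference": ask(a, "B:forged")}
    affiliate(c, b)  # C joins the circle (claims 7, 35, 36)
    results["after_joining"] = ask(c)
    return results


if __name__ == "__main__":
    print(demo())
```

Running the module prints the four outcomes: the affiliated relying server gets the resource, the unaffiliated server C and a forged reference are refused with a negative assertion, and C is accepted only after both sides have exchanged certificate and address. Checking the certificate and the address together means a stolen certificate file alone, or a spoofed source address alone, is not enough to draw a positive assertion out of the issuer.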